Manage Keys of Encrypted Shared Folders
You can use Key Manager to manage keys of shared folders and decrypt multiple encrypted shared folders at the same time.
Term explanation:
- Key store: A key store is any external device or system partition that is supported by Synology NAS and used as a physical key to decrypt shared folders.
- Cypher: A cypher is a method of encrypting keys of shared folders. Key Manager provides two types of cyphers:
  - Passphrase: Keys encrypted by a passphrase can be decrypted by whoever knows the passphrase.
  - Machine key: Keys encrypted by a machine key can only be decrypted by the Synology NAS they are bound to.
To initialize a key store:
- Go to Control Panel > Shared Folder > Action > Key Manager.
- Select an external device or system partition as the key store from Key Store Location.
- Enter a passphrase into the Passphrase field for this key store.
Security Suggestions:
- For safety and management purposes, it is safer to store the encrypted file and the corresponding key on different devices.
- We recommend that you select an external device as Key Store Location to enhance your data security.
To add a new key to a key store:
- Make sure that you have initialized a key store.
- Go to Control Panel > Shared Folder > Action > Key Manager.
- Click Add.
- Select an encrypted shared folder.
- Select the cypher for the encryption key. You can select either Passphrase or Machine key.
- Enter or import the encryption key.
- Click OK to save the settings.
To decrypt multiple encrypted shared folders manually:
- Make sure that you have added keys to the key store.
- Go to Control Panel > Shared Folder > Action > Key Manager.
- Select the encrypted shared folders you want to decrypt.
- Click Mount.
To decrypt multiple encrypted shared folders on boot automatically:
- Make sure that you have added keys to the key store.
- Go to Control Panel > Shared Folder > Action > Key Manager.
- Tick Mount on Boot for the encrypted shared folders you want to decrypt on boot.
- Click OK to save the settings.
To eject a key store after boot:
- Go to Control Panel > Shared Folder > Action > Key Manager.
- Click Configure.
- Tick Eject device after boot.
- Click OK to save the settings.
To migrate existing encryption keys to a key store for shared folders mounted automatically:
Migrate keys during key store initialization:
- When initializing a key store, tick Migrate encryption keys to this key store for all existing shared folders mounted automatically (recommended).
Migrate keys manually:
- Go to Control Panel > Shared Folder > Action > Key Manager.
- Click Configure.
- Click Migrate now.
- In case of duplicate keys, you can choose Overwrite duplicate keys.
- Click OK to save the settings.
To clone a key store in High Availability mode:
- Go to Control Panel > Shared Folder > Action > Key Manager.
- Click Clone.
- Select a source key store on the active server from Source Key Store.
- Select a destination key store on the passive server from Destination Key Store.
- Click Apply to save the settings.